Network security requirements place heavy demands on system administrators in addition to the time required for systems operation, maintenance, and upgrades. The effort necessary to provide enclave security includes lengthy review of system logs and response to alerts, many of which are false alarms. This often results in genuine attacks being overlooked until the damage has been done. Strong intrusion detection and response mechanisms should reduce false alarm rates to increase system administrator productivity. A broader range of detected intrusions would strengthen the security posture. More timely intrusion detection would permit immediate response.